The United Nations (UN) reported that North Korea is suspected of stealing crypto assets worth $1 billion over a year. According to the research, North Korea uses cyberattacks to target financial institutions and cryptocurrency exchanges to acquire digital assets.
North Korea has employed cyberattacks to avoid economic sanctions
According to the assessment, North Korea is continuing its efforts to escape the economic restrictions put in place by the international community. The nation is subject to stringent economic restrictions because of its nuclear weapons development, so it has turned to hacking to get around them.
According to a study made public on Wednesday, a commission in charge of keeping track of how sanctions against Pyongyang are being implemented has found that the volume of cryptocurrency stolen in 2022 increased by over three times compared with the previous year.
North Korean thieves stole cryptocurrencies worth an incredible $630 million in 2021. But the figures jumped sharply in 2022, with an astonishing $1 billion seized in just that one year.
The estimates might be impacted by the recent fluctuation in the price of Bitcoin in US dollars, according to the UN report. It is obvious that in 2022, North Korea’s theft of virtual assets reached a record high. According to the investigation, despite Bitcoin’s unpredictability, North Korean hackers were effective in their attacks on digital assets.
North Korea uses the 3CX Exploit to hack into cryptocurrency websites
Russian antivirus company Kaspersky, which has been monitoring the flexible backdoor known as Gopuram internally since 2020, claimed to have seen a rise in infections in March 2023, just before the 3CX data leak.
Gopuram’s main purpose is to establish a connection with a command-and-control (C2) server and wait for instructions that will enable the attackers to access the victim’s file system, start processes, and launch as many as eight in-memory modules.
The backdoor's North Korean connection stems from the fact that it "co-existed on victim devices with AppleJeus, a backdoor linked to the Korean-speaking threat actor Lazarus," in an attack on an undisclosed crypto business based in Southeast Asia in 2020.
Given that the Lazarus Group frequently targets the financial sector to produce ill-gotten gains for the country under sanctions, the targeting of cryptocurrency enterprises is another obvious indication of their participation.
Small- and medium-sized businesses were attacked by ransomware
The UN report also mentioned the actions of H0lyGh0st, a cyber group with ties to North Korea that has undertaken extensive, financially motivated attacks against businesses. According to a cybersecurity firm, the group used ransomware to extort money from these companies.